How BYOD Puts Everyone at Legal Risk
If your BYOD policy goes too far, you may be prosecuted for unfair labor practices. However, courts expect you to produce all relevant data in discovery proceedings. Meanwhile, your employees may fear retaliation if they don't sign draconian BYOD policies. CIO.com talks to attorneys to better understand the legal side of BYOD.
Thu, November 21, 2013
CIO — If your BYOD user policies are too strict, then you might be running afoul of the law.
In a case last year, the NLRB made the unprecedented argument that an at-will employment policy could "chill an employee's ability to communicate with others about wages, hours and working conditions or to engage in otherwise protected activity."
Heather Egan Sussman, a lawyer at McDermott Will & Emery, says she has seen at least three reports issued by the General Counsel over the last few years concerning cases where prosecuted companies wrote overly broad policies or policies that went too far. While these reports were mostly directed toward social media, they can apply toward BYOD polices as well.
The General Counsel's focus on confidentiality policies is causing companies to re-think their BYOD policies, says Sussman, "out of fear of prosecution."
BYOD Policies Get Down to Detail
It's an odd reversal of sorts. The first iterations of BYOD user policies erred on the side of simplicity and vagueness, merely suggesting user behavior instead of providing hard-and-fast rules. They consisted of generalizations about what companies and employees can and cannot do. These BYOD policies were practically useless when called upon for ediscovery or when employees raised privacy concerns.
Then the lawyers got involved. They helped companies draft lengthy documents covering all sorts of scenarios, including legal cases for ediscovery. BYOD policies ballooned to a dozen pages. These policies weighed heavily in favor of a company's right to monitor, access, review and disclose company or other data on BYOD mobile phones and tablets, and gave short shrift to an employee's expectation of privacy.
Now the pendulum is swinging back.
The General Counsel appears to be toughening up on corporate policies that attempt to control an employee's use of the Internet, BYOD or social media. There's concern that companies are exceeding the scope of the their authorization and potentially violating the National Labor Relations Act. While the General Counsel is not the deciding body, Sussman says, its reports can guide companies in drafting lawful BYOD policies that steer clear of prosecution.